Facebook IM Phishing Scam Found

Over the past few months Facebook has been having some serious problems when it comes to spammers. Although the company has allocated significant resources toward battling spam, it continues to be a serious issue. One of the tricks spammers use most frequently is guiding users to websites that encourage them to enter their Facebook username and password into a login form that looks identical to the Facebook login page.

One such scam, found by BitDefender earlier today, involves instant messages with fake links that redirect users to a site resembling Facebook. One has to wonder who is actually deceived, considering the message being displayed isn’t really that tricky: “Hey! you have a crush waiting for you on Facebook! See here! [link]”.

Vlad Valceanu of BitDefender commented on the issue, saying that “Users should be cautious of any link sent to them via IM or email. Along with paying close attention to Web site names and likes, it is important for computer users to have an IT security solution installed onto their systems in order to avoid future attacks.” As Facebook continues to surge in popularity, spammers have quickly seized the opportunity to take advantage of the company’s brand recognition.

The bottom line is that no matter what a site looks like, you probably shouldn’t be entering your login into it unless you manually typed in “www.facebook.com”. I can only expect to see more of these scams appear in the coming months.
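The advice above comes down to checking the host a link really points to rather than how the page looks. The following Python sketch is an added example, not code from the original article or from BitDefender: it classifies a link as trusted, lookalike or unknown. The trusted list, the `classify` and `edit_distance` names and the distance threshold of 2 are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: facebook.com is the site named in the article;
# fbcdn.net is the domain a commenter below describes as Facebook's own.
TRUSTED = ("facebook.com", "fbcdn.net")


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url, max_distance=2):
    """Return 'trusted', 'lookalike' or 'unknown' for the host a URL really targets."""
    if "//" not in url:
        url = "//" + url  # let urlsplit parse scheme-less input as a host
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "unknown"
    # Trusted only on an exact match or a true subdomain of a trusted domain.
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "trusted"
    labels = host.split(".")
    # Brand name buried in an unrelated host, e.g. facebook.com.example.net.
    if any(d.split(".")[0] in label for d in TRUSTED for label in labels):
        return "lookalike"
    # Near-miss spelling of a trusted domain. Taking the last two labels is a
    # simplification; real code would use the Public Suffix List.
    candidate = ".".join(labels[-2:])
    if any(edit_distance(candidate, d) <= max_distance for d in TRUSTED):
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links, plus the two domains quoted in the comments.
    for link in ("http://www.faceiibook.com", "https://www.facebook.com/login.php",
                 "http://facebook.com.example.net/login", "http://fbcdn.net"):
        print(f"{classify(link):9}  {link}")
```

A result of "unknown" only means the host is neither trusted nor an obvious imitation; it is not a verdict that the site is safe.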

 



Comments (4 Responses)

The real security threat is the end user, not thinking before they click, or being so naïve and vulnerable that they fall for this stuff.

-Jerry

I received a message through Facebook chat to tell me someone had posted a picture of me in their blog. The link redirected me to http://www.faceiibook.com, and looked just like the real thing. I'm lucky I caught the URL and immediately searched it on Google. The only result was that of a recent discussion in Facebook where people were trying to spread the word. Apparently, it was pretty new.

Jerry, you’re right that it’s with the end user…but it’s also important that once it’s known that the word gets spread out so others don’t follow the lead. While Firefox and the latest IE Browser have tools to prevent phishing, by blocking the site…it’s more important to educate the users rather than to blame them for being naive and vulnerable.

Firefox and Chrome just blocked the Facebook JavaScript domain as a phishing site.

http://fbcdn.net

Ouch!
